Posts by Category:
3 ways to Implement Role-Based Access Controls for Kubernetes
Managing RBAC in a way that suits the size of your company is confusing and overwhelming. Before rushing to implement policy, it’s worth figuring out what problems RBAC is actually trying to solve.
DevSecOps: The Core Curriculum Opening Remarks
Listen to CEO Liz Zalman give opening remarks at the 2019 DevSecOps conference!
Connecting Postgres to Active Directory for Authentication
While primarily geared towards developers, PostgreSQL is also designed to help system administrators safely and robustly store information in databases. In this post, we will demonstrate how to install a PostgreSQL database and then configure Active Directory users to authenticate to it.
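One way the Active Directory step can look in pg_hba.conf, added here as an illustration rather than taken from the post (the post may use a different method, such as GSSAPI; the hostnames, base DN, service account, group and password below are assumed, and the weak variant is shown only to contrast it with the hardened one):

```conf
# pg_hba.conf -- added example, not from the post above. dc01.corp.example.com,
# the base DN, svc-postgres, the db-users group and the password are assumptions.
#
# TYPE  DATABASE  USER  ADDRESS      METHOD  OPTIONS

# Weak (left commented out so it never matches first): a simple bind in clear
# text over port 389. The user's AD password crosses the network unencrypted,
# and every account in the directory can attempt a login.
# host  all       all   10.0.0.0/8   ldap    ldapserver=dc01.corp.example.com ldapsuffix="@corp.example.com"

# Better: search+bind over LDAPS with a low-privilege service account that looks
# the user up by sAMAccountName and only accepts members of one AD group.
# ldapsearchfilter needs PostgreSQL 10 or later; ldapscheme needs 11 or later.
host    all       all   10.0.0.0/8   ldap    ldapscheme=ldaps ldapserver=dc01.corp.example.com ldapport=636 ldapbasedn="dc=corp,dc=example,dc=com" ldapbinddn="cn=svc-postgres,ou=Service Accounts,dc=corp,dc=example,dc=com" ldapbindpasswd="service-account-password-goes-here" ldapsearchfilter="(&(sAMAccountName=$username)(memberOf=cn=db-users,ou=Groups,dc=corp,dc=example,dc=com))"

# Local superuser access stays on peer authentication rather than LDAP, so a
# directory outage or a compromised bind account cannot lock out or take over
# the database host itself.
local   all       postgres            peer
```

Two caveats a practitioner will want: pg_hba.conf is first-match, so an over-broad clear-text line placed above the LDAPS line silently wins; and LDAP authentication in PostgreSQL only verifies the password, so each AD user still needs a matching role created with CREATE ROLE ... LOGIN before they can connect.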
Provisioning Your People to be Productive
You just hired a new employee, great news! Luckily you have an easy onboarding process to get them access to all of the systems that they will need to access… right? If you just had a moment of panic, then keep reading because you're not alone.
Physical Facility Access Policy Best Practices | A SOC 2 Primer
Physical security is not just a concern for large companies. A small business also needs an established physical security policy to protect its physical assets and give its employees a sense of protection and safety. In this policy, you will define the controls, monitoring, and removal of physical access to your company’s facilities.
Implement a BYOD Policy | Best Practices for SOC 2 Compliance
Removable media, cloud storage, and BYOD devices can be a quick and convenient way for employees to handle data. But with this convenience come some serious security concerns. Unprotected removable storage is an easy way for end users to inadvertently bring viruses and malware into your company network, increasing the risk of business data exposure, hardware failures and data breaches. While it may be easier to prohibit employees from using removable media and declare it a punishable offense, that approach is impractical and unrealistic.
Automating Access For On-Call
Typically a team shares the responsibility of being on call in a periodic rotation. Being the first responder for production incidents usually requires an elevated set of permissions, so that the responder is not hampered in their efforts to get your services back online.
Why ASICS Digital Builds 12-Factor Apps with a Focus on Infrastructure
John Noss is a Senior Site Reliability Engineer at ASICS Digital, formerly Run Keeper. In this talk, he shares how ASICS Digital builds 12-Factor apps with an emphasis on infrastructure.
How Hearst Eliminates DevOps Complexity -- An Architecture Review
In this talk, Jim Mortko (responsible for leading all Internet-based engineering and digital production efforts) and DevOps Engineer Manuel Maldonado discuss how Hearst eliminated DevOps complexity through automation and tooling decisions. Listen as they walk through their services and application architecture, and download the slides now.
How Betterment Secures Server Access - Automate the Boring Stuff
Chris Becker is an SRE at Betterment. Previously, he did similar work on Warby Parker's Infrastructure team. At Betterment, he earned the label APT (advanced persistent threat) thanks to consistently tripping alarms with his peculiar scripts and commands. In this talk, he discusses how Betterment's approach to server access controls evolved as the team grew exponentially. With more people and keys to manage, the SRE team needed to find ways to automate more and reduce the maintenance overhead.
Why Fair Eliminated Static Credentials -- A Retrospective
Cat Cai is currently the Director of Platform Engineering at Fair. In this talk, alongside Jack Wink and Marshall Brekka, she discusses how Fair eliminated static credentials through automation and tooling decisions. Listen as they walk through how they enforce least-privilege access and rotate credentials without causing a huge headache in the organization.
Connect your first server or database in 5 minutes. No kidding.
"When strongDM said deployment would take an hour, I assumed they were full of it and blocked out a full day. We finished in 45 minutes." - Peter Tormey, Manager DataOps, SoFi